ReDoS.txt

#
# vi:  set ts=16:
# vim: set ts=16:
#?
#? NAME
#?      ReDoS.txt - file with malicious RegEx and payloads
#?
#? SYNOPSIS
#?      To read and used by appropriate functions.
#?
#? DESCRIPTION
#?
#? SYNTAX
#?      The syntax in the file herein is as follows:
#?
#?          empty lines are ignored
#?          lines starting with # are comments and ignored
#?          all other lines are data lines
#?
#?      Data lines have following format:
#?
#?          keyTABvalue
#?
#?      where TAB is the ASCII TAB character (hex 0x09).
#?      key is any alphanumeric string, following keywords are special
#?          payloads    - start of list with payloads
#?          patterns    - start of list with RegEx patterns
#?      The value of these keywords may be any string.
#?      All other lines are either payloads or patterns.  The left column is
#?      just a descriptive keyword. The right column is either the sring for
#?      payload or the raw string as RegEx (without delimiters like /).
#?
# HACKER's INFO
#       Keep in mind that all RegEx defined herein are based on perl or PCRE
#       syntax.  This means in particular that some engines need to properly
#       modify the RegEx to work in this engine. For example does JavaScript
#       require \-escaped [ inside a character class.
#?
#? VERSION
#?      1.0  31-mar-2010
#?
#? AUTHOR
#?      31-mar-2010 Achim Hoffmann, redos @at@ my -dash- stp .dot. net
# -----------------------------------------------------------------------------


#--------------+---------------------------------------------------------------
payloads	list of payloads
#--------------+---------------------------------------------------------------
a_12X	aaaaaaaaaaaaX
a_18X	aaaaaaaaaaaaaaaaaaX
a_33X	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaX
a_49X	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaX
Cox_10	aaaaaaaaaa
Cox_20	aaaaaaaaaaaaaaaaaaaa
Cox_25	aaaaaaaaaaaaaaaaaaaaaaaaa
Cox_34	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
Java_Classname	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!
EmailValidation	a@aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!
EmailValidatioX	a@aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaX
invalid_Unicode	(.+)+\u0001
DataVault_DoS	[,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
EntLib_DoS	\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\"
EntLib_DoSX	\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\"X
Backtrack_1	(a+a+)+X
#--------------+---------------------------------------------------------------

#--------------+---------------------------------------------------------------
patterns	list of malicious RegEx
#--------------+---------------------------------------------------------------
a++	(a+)+
charclass+	([a-zA-Z]+)*
a_or_aa	(a|aa)+
a_or_a	(a|a?)+
a_11	(.*a){11}
a_65	(.*a){65}
Friedl	([^\\"']+)*
#--------------- same as above again enclosed in ^and $ ----------------
start_a++	^(a+)+$
start_charclass	^([a-zA-Z]+)*$
start_a_or_aa	^(a|aa)+$
start_a_or_a	^(a|a?)+$
start_a_11	^(.*a){11}$
start_a_65	^(.*a){65}$
start_Friedl	^([^\\"']+)*$
#---------------
OWASP	^[a-zA-Z]+((['\,\.\-][a-zA-Z ])?[a-zA-Z]*)*$
DataVault	^\[(,.*)*\]$
EntLib	^([^"]+)(?:\\([^"]+))*$
Java_Classname	^(([a-z])+.)+[A-Z]([a-z])+$
Cox_10	a?a?a?a?a?a?a?a?a?a?aaaaaaaaaa
Cox_25	a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?a?aaaaaaaaaaaaaaaaaaaaaaaaa
#--------------+---------------------------------------------------------------